The AD user accounts cannot be removed in this case because the Exchange Servers security group inherits explicit “deny” permissions for deleting objects in the Monitoring Mailboxes container.
- Open Active Directory Users and Computers.
- Click View, and then make sure that Advanced Features is selected. If it is not, select it.
- Navigate to the following container:
- Right-click Monitoring Mailboxes, click Properties, and then click the Security tab.
- Click Advanced on the Security tab. You now see the following dialog box:
- Click Add, type Exchange Servers, click Check Names, and then click OK.
- Select the Allow check box for the Delete subtree permission.
- Click OK in all the remaining windows.
- Wait for AD replication
If you have Exchange deployment in a multi-AD domain environment, follow the preceding steps on all the domains in which Exchange servers are deployed.
Article ID: 3046530 - Last Review: Oct 1, 2015 - Revision: 1